
eventlog Security Group for Windows Event Logs

I had a bit of a hard time with this one, so hopefully I can save someone else the trouble of finding this information…

We have a security requirement to configure the ACLs for event logs so their access is restricted. In Windows 7/Server 2008, a new virtual account, “eventlog”, is required to have full access to the logs to ensure proper functionality.

Since we configure the ACLs using Group Policy, I needed to include this as part of a file permission set. To do this, you must search for “NT SERVICE\eventlog” on the local machine. You will not be able to locate the account any other way.
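One way to verify the result on a machine once the policy has applied, as an added example that is not part of the original post: the script resolves “NT SERVICE\eventlog” locally and lists every log file whose ACL lacks an Allow Full Control entry for it, or carries a Deny entry against it. The default log directory and the `LogDir` parameter name are assumptions; run it from an elevated prompt.

```powershell
# Added example: audit event log file ACLs for the eventlog virtual account.
# Assumption: logs are in the default directory; pass -LogDir if they were moved.
param(
    [string]$LogDir = (Join-Path $env:SystemRoot 'System32\winevt\Logs')
)

# Resolve the virtual account on this machine (it does not exist in the domain).
$account = New-Object System.Security.Principal.NTAccount('NT SERVICE\eventlog')
$sidType = [System.Security.Principal.SecurityIdentifier]
$sid     = $account.Translate($sidType)

$full = [int][System.Security.AccessControl.FileSystemRights]::FullControl

$results = foreach ($file in Get-ChildItem -Path $LogDir -Filter '*.evtx') {
    $acl = Get-Acl -Path $file.FullName

    # Explicit and inherited ACEs, with identities returned as SIDs so the
    # comparison does not depend on how the account name is displayed.
    $rules = $acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference -eq $sid }

    $allowFull = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $full) -eq $full
    }
    $deny = $rules | Where-Object { $_.AccessControlType -eq 'Deny' }

    New-Object PSObject -Property @{
        File        = $file.Name
        FullControl = [bool]$allowFull
        DenyAce     = [bool]$deny
    }
}

# Report only the files where the Event Log service would lose access.
$results |
    Where-Object { -not $_.FullControl -or $_.DenyAce } |
    Format-Table File, FullControl, DenyAce -AutoSize
```

No output means every `.evtx` file in the directory grants the account Full Control with no Deny entry.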

I suspect that this can also be configured using SDDL in the new event log GP Admin Templates, but I haven’t had a chance to play with that. If anyone has any experience with this policy, please link a post to my site…